Professional Documents
Culture Documents
User Guide
5
Revision information
Table 1: Revisions in this document
Note: Information to help you maximize the benefits of your Entrust product.
Documentation feedback
You can rate and provide feedback about Entrust product documentation by
completing the online feedback form. You can access this form by
• clicking the Report any errors or omissions link located in the footer of
Entrust’s PDF documents (see bottom of this page).
• following this link: http://go.entrust.com/documentation-feedback
Feedback concerning documentation can also be directed to the Customer Support
email address.
support@entrustdatacard.com
Technical support
Entrust offers a variety of technical support programs to help you keep Entrust
products up and running. To learn more about the full range of Entrust technical
support services, visit our Web site at:
http://www.entrustdatacard.com/
If you are registered for our support programs, you can use our Web-based support
services.
Entrust TrustedCare Online offers technical resources including Entrust product
documentation, white papers and technical notes, and a comprehensive Knowledge
Base at:
https://trustedcare.entrustdatacard.com
If you contact Entrust Customer Support, please provide as much of the following
information as possible:
• Your contact information
• Product name, version, and operating system information
• Your deployment scenario
• Description of the problem
• Copy of log files containing error messages
• Description of conditions under which the error occurred
• Description of troubleshooting activities you have already performed
Telephone numbers
For support assistance by telephone call one of the numbers below:
• 1-877-754-7878 in North America
• 1-613-270-3700 outside North America
Email address
The email address for Customer Support is:
support@entrustdatacard.com
Training
Through a variety of hands-on courses, Entrust delivers effective training for
deploying, operating, administering, extending, customizing and supporting any
variety of Entrust digital identity and information security solutions. Delivered by
training professionals, Entrust's professional training services help to equip you with
the knowledge you need to speed the deployment of your security platforms and
solutions. Please visit our training website at:
https://www.entrustdatacard.com/resource-center/training
13
Entrust IdentityGuard Self-Service overview
Entrust IdentityGuard protects your organization’s online resources by providing the
capability of verifying your identity to the server. To allow you to be recognized by
Entrust IdentityGuard when you log in, you must be registered; that is, you must have
an Entrust IdentityGuard account.
The Self-Service application allows you to register for an Entrust IdentityGuard user
account without help from a system administrator. If you already have an account
and authentication items, such as a token, grid card, or smart credential, you may be
required to register using the Self-Service application so that you have access to
Self-Administration features.
After you have registered, you can access the Self-Administration interface. Using
Self-Administration, you can perform many administration tasks yourself, depending
on the way your administrators have configured Self-Service for your organization.
Self-Registration
After you log in to the Self-Registration application, you are prompted to set up
information for your authentication methods. Depending on how your company has
configured the registration application, you may do some or all of the following tasks
as part of self-registration to Entrust IdentityGuard:
• Enter contact information (either email addresses or telephone numbers or
both) for use in sending one-time passwords (OTP).
• Select a mutual authentication image.
• Enter a mutual authentication phrase.
• Select questions and enter answers for Question and Answer (Q&A)
authentication.
• Register for a grid, hardware token, or soft token.
• Download the Entrust IdentityGuard Mobile OTP app for using soft tokens
on mobile devices.
• Download the Entrust IdentityGuard Desktop Soft Token application for
using soft tokens on a Windows or Mac computer.
• Register for an Entrust IdentityGuard password.
If you have JavaScript disabled in your browser, you must click the Change button in
addition to selecting a language from the list.
When you access Self-Service again from the same browser on the same device,
Self-Service remembers your language preference from the previous session. (If you
use Self-Service from a public kiosk, or if your administrator has turned off this
feature, the language of your last session might not be remembered.)
Self-registration walk-through
This chapter walks you through the screens you will see when you register for an
Entrust IdentityGuard account using the Self-Service application.
You may not see all of the screens or all the features on the screens displayed in this
chapter; the registration requirements shown to you during registration depend on
which authentication factors your company uses.
17
Starting the self-registration walk-through
Open a Web browser, and log in to Self-Service at the URL supplied by Entrust
IdentityGuard administration in your company. Use the login method and log in
credentials supplied with your log in instructions.
Self-registration walk-through 19
Report any errors or omissions
Depending on the method of first-factor authentication configured for you, you
may be offered the one of the following login methods:
• password login
• one-time password (OTP) login
Complete the steps for the type of first-factor login challenge presented to you.
Self-registration walk-through 21
Report any errors or omissions
The Personal Information screen appears. This screen displays any information
that already exists for you.
2 From the drop-down menu labeled Please choose a label, select the email or
telephone number title you want to enter as contact information. In this example,
two of the options are Work Email and Work Phone.
3 In the Value field next to your first label, enter the applicable telephone number
or email address.
Contact information serves two purposes: it allows the administrator to reach
you, and it can also be used for the delivery of one-time passwords (OTP).
Self-registration walk-through 23
Report any errors or omissions
Note: If you enter a telephone number, click Telephone Number Format (in the
blue bar on the right side of the screen) to see the telephone number entry rules.
4 Optional. In the Default column, select one contact information entry as the
default way to contact you.
Attention: If the contact information you select as the default is not associated
with the one-time password (OTP) delivery method your company uses, then
OTP delivery will fail (unless you are given the opportunity to specify the
destination where the OTP should be sent at the time you request that an OTP
be delivered out-of-band).
For example, if you select Work Phone as your default contact information, and
your company sends OTP using email, then you will not receive an out-of-band
OTP.
If you expect OTP delivery, and it fails, contact the administrator.
5 Proceed to “To select your mutual authentication image and phrase” on page 25.
Attention: If you do not recognize the image or the phrase when logging in, do
not continue. Contact your system administrator.
Self-registration walk-through 25
Report any errors or omissions
questions and answers that will be difficult for others to guess.
3 Click Next.
This example screen shows that both a grid and a token have been assigned to
this user. This would be quite unusual — normally companies use either grid or
token, but not both. Both are assigned to the example user in this guide to allow
you to see all the options for both.
Attention: If you have been issued a grid or hardware token, there may be a
time limit for activating it. Contact your Entrust IdentityGuard administrator to
find out how long you have to activate your grid or hardware token.
4 Click Next.
Self-registration walk-through 27
Report any errors or omissions
Your registration to Entrust IdentityGuard is now complete. The
Self-Administration authentication challenge screen appears.
Self-registration walk-through 29
Report any errors or omissions
Using smart credentials with the Entrust IdentityGuard Mobile
Smart Credentials application
If Entrust IdentityGuard mobile smart credentials have been configured in your
company’s implementation of the Self-Service application, then you have the
opportunity to download the Entrust IdentityGuard Mobile Smart Credential app and
activate a smart credential on a mobile device.
For more information about activating and using Entrust IdentityGuard mobile smart
credentials, see one of the following:
• Entrust IdentityGuard Mobile Smart Credentials User Guide
• help file in the app
• device-specific user guides hosted on the Entrust Mobile Web page:
– For Apple iOS devices: http://www.entrust.com/mobilesc/ios-guide/
– For Android devices: http://www.entrust.com/mobilesc/android-guide/
Self-administration walk-through
This chapter walks you through the screens you will see when you log in to the
Self-Service Module Self-administration interface.
You may not see all of the screens displayed in this chapter; the screens displayed
depend on which authentication methods your company uses, and what actions your
company’s Self-Service configuration allows.
This chapter includes the following sections:
• “Starting the self-administration walk-through” on page 32—describes
various methods of logging into Self-Service for the first time
• “Self-administration actions” on page 40—provides some of the many
self-administration actions that users can perform through Self-Service.
31
Starting the self-administration walk-through
Log in using the log in method and credentials supplied by the Entrust
IdentityGuard system administration in your organization.
To log in to Self-Service
1 Open a web browser, and enter the Self-Administration URL provided by your
Entrust IdentityGuard administrator (this is the same URL you used to register).
The login screen appears.
2 If your administrator has configured Self-Service to display more than one
language, and you wish to use Self-Service in a language other than the one
displayed by default, select the language from the drop-down list. (If JavaScript
is not enabled on your browser, you must also select the Change button after you
choose a language.).
Self-administration walk-through 33
Report any errors or omissions
Login method Steps to log in
OTP login 1 Select the Let me use an OTP to log
in link.
2 Enter your user name.
3 If your browser and email or
messages are on the same device,
copy the OTP from the email or text
message you received and paste it
in the Challenge box. Otherwise,
enter the OTP manually in the
challenge box.
4 Select OK.
You have completed first-factor
authentication. Next you might be
challenged with a different type of
authenticator, for example, a grid
card, token, or a confirmation from
a mobile app (mobile soft token or
mobile smart credential. Go to
Step 4 on page 36.
Self-administration walk-through 35
Report any errors or omissions
Login method Steps to log in
Combined multifactor authentication example. Note: If you do not yet have a
second-factor authenticator to do
combined authentication, click Sign up
for Multifactor Authentication and
follow the on-screen instructions.
4 Enter your user name (and, if
required, your group (or
searchbase, or realm) and click OK.
5 On the next page, respond to the
first-factor and second-factor
challenges presented.
Because second-factor challenges
could be time sensitive (such as
mobile soft token push
authentication), the second-factor
challenge is displayed first. Respond
to the second-factor challenge, and
then enter for your first-factor
authenticator (your password).
This example shows a grid card
challenge, but second-factor
authenticators used for combined
authentication could be a grid card,
a mobile soft token, hardware
token or a one-time password
(OTP). Step 4 describes how to
respond to each of those types of
challenges. (Other parts of step 4
do not apply to combined
multifactor authentication.)
When first-and second-factor
authenticators are evaluated by
Entrust IdentityGuard and both are
successful, you go directly to the
Self-Administration Actions page.
Skip to “Self-administration
actions” on page 40.
When you see the mutual authentication image and phrase you selected earlier,
you can feel confident that you have contacted an Entrust IdentityGuard
application, and that it is safe to respond to the next challenge.
a If you have a grid, enter the grid coordinates requested, and click OK.
OR
b If you do not have your grid — you may have forgotten it at home — click
either one-time password challenge or question & answer challenge, for an
alternative way of authenticating.
Self-administration walk-through 37
Report any errors or omissions
– If you click one-time password challenge, you are prompted to confirm
your choice. You may change your mind and request a question & answer
challenge instead.
– Click OK.
The OTP Challenge screen appears. Check your email (or voice mail if your
OTP is delivered by telephone). The OTP email looks something like this:
Self-administration walk-through 39
Report any errors or omissions
Self-administration actions
There are many administration actions you can perform for yourself, depending on
how the Self-Service application is configured in your company. Some options you
see here may not be available depending on your administrator’s configurations. The
following procedures walk you through how they work.
The topics in this section include:
• “Updating your personal information” on page 41
• “Changing your questions and answers” on page 43
• “Unlocking a locked authenticator” on page 45
• “Enrolling and managing your biometric data” on page 47
• “Administering your grid” on page 52
• “Administering your hardware token” on page 57
• “Administering your soft token” on page 70
• “Changing or recovering your Entrust IdentityGuard password” on page 80
• “Administering machine secrets” on page 84
• “Requesting new OTPs” on page 86
• “Administering your smart credential” on page 87
• “Administering your digital ID” on page 105
• “Administering location history” on page 164
• “Reset your Entrust IdentityGuard password from the Self-Service login
page” on page 167
• “Unlock your Active Directory account or reset your Active Directory
password from the Self-Service login page” on page 169
Self-administration walk-through 41
Report any errors or omissions
You can update your full name, your contact information, and your mutual
authentication image and phrase from this screen. For more information, see “To
enter your personal information” on page 22 and “To select your mutual
authentication image and phrase” on page 25.
3 Make the changes as required.
4 Click OK, or click Cancel to undo any changes you have entered.
An updated Self-Administration Actions screen appears, confirming that your
personal information has been updated.
Self-administration walk-through 43
Report any errors or omissions
3 Select new questions or change the answers currently shown. In the
User-Defined Questions section, you can enter new questions and answers.
4 After you have made your changes, click OK.
An updated Self-Administration Actions screen appears, confirming that your
questions and answers have been updated.
Self-administration walk-through 45
Report any errors or omissions
2 On the Self-Administration Actions page, click I’d like to unlock my locked
authenticators.
3 Self-Service displays a message confirming that all your authenticators have been
unlocked. Click Done to end your session.
Enrolling fingerprints
Enrollment of fingerprints for biometric authentication is done as part of the
installation of the Entrust IdentityGuard Desktop for Microsoft Windows client. The
client allows you to use biometric (fingerprint) authentication to log in to your
Windows computer.
Before you begin this procedure, ensure that you have the following prerequisites:
• the Fingerprint Enrollment Client installation package (it is part of the
installation package for Entrust IdentityGuard Desktop for Microsoft
Windows.
• a fingerprint scanner connected to your computer
To enroll fingerprints
1 Install Log in to Self-Service. See “To log in to Self-Service” on page 32.
Self-administration walk-through 47
Report any errors or omissions
The Self-Administration Actions page appears.
4 Click the image of the finger for which you want to enroll a fingerprint. The
fingers that are circled are recommended, however, you can enroll any
fingerprints or those specified by your system administrator.
A green circle appears around the finger you selected.
Self-administration walk-through 49
Report any errors or omissions
6 Watch the software, waiting for a green box to appear around the finger.
11 Click Finish.
12 Go back to the Self-Service page and click Next.
13 Click Done.
You have now enrolled fingerprints to be used for biometric authentication.
Self-administration walk-through 51
Report any errors or omissions
Administering your grid
Use the procedures in this section to administer your own grid. You can report it
misplaced, found again, or lost permanently.
7 Check your email inbox for an email containing your temporary PIN. You can use
your temporary PIN for authentication until you find your grid.
Self-administration walk-through 53
Report any errors or omissions
To report that you have found your misplaced grid
1 Log in to Self-Service. See “To log in to Self-Service” on page 32. Use your
temporary PIN, Q&A, or one-time password (OTP).
2 In the Self-Administrative Actions screen, click I’ve found my grid and would
like to start using it again.
Note: Use this procedure if you are certain you will not find or retrieve your grid,
or if you think its security is compromised because someone may have had time
to copy it.
1 Log in to Self-Service. See “To log in to Self-Service” on page 32. Use your
temporary PIN, Q&A, or one-time password (OTP).
2 In the Self-Administrative Actions screen, click I’ve permanently lost my grid or
think it’s been compromised.
3 Click Yes.
4 The New Grid Distribution screen appears.
Self-administration walk-through 55
Report any errors or omissions
5 Read the screen carefully. It will tell you what alternate authentication you will
use while you wait for your new grid. If you have a valid email address in your
contact information, your temporary PIN will be emailed to you. If your company
uses eGrids, your new eGrid will be emailed to the email address you select.
6 Select the email account you want the temporary PIN or eGrid sent to.
7 Click OK.
8 The Self-Administration Actions screen appears, with new options that reflect
your current state. An example list of actions is shown below.
9 Check your email inbox for an email containing your temporary PIN or eGrid. If
your company does not use eGrids, use your temporary PIN for authentication
until your new grid arrives.
Self-administration walk-through 57
Report any errors or omissions
A confirmation screen appears.
3 Click Yes.
The Token Activation screen appears.
If the Enter your token serial number field appears, enter the serial number you
see on your token. To find the location of the serial number on your particular
type of token, refer to the graphics to the right of the Token Activation screen.
It shows several supported tokens, and illustrates the location of the serial
number on each.
Note: In the very unlikely event that token serial numbers are not unique across
token vendors, a user is prompted to select the token vendor from a list.
4 If the Token Name field appears, enter a name that describes your token. For
example, John might call his token John’s Banking Token. Typically you need
Note: If activation of your token also requires a synchronization, then you are
prompted to synchronize the token as part of activation.
Activation may also require that your PVN be changed—the PVN change will not
be saved if the token is synchronized automatically. You will be prompted to
change the PVN the next time you log in.
Note that the self-administration actions list now includes more options for
administering your token.
Self-administration walk-through 59
Report any errors or omissions
To report that you have temporarily misplaced your hardware token
1 Log in to Self-Service. See “To log in to Self-Service” on page 32.
2 In the Self-Administrative Actions screen, click I’ve temporarily forgotten or
misplaced my token.
3 Click Yes.
4 Select the email account from the drop-down list. The temporary PIN is emailed
to the account you select.
5 Click OK.
6 The Self-Administration Actions screen appears, with new options that reflect
your current state. An example list of actions is shown below.
7 Check your email inbox for an email containing your temporary PIN. Use your
temporary PIN for authentication until you find your token and reactivate it.
Self-administration walk-through 61
Report any errors or omissions
2 In the Self-Administrative Actions screen, click I found my token and would like
to start using it again.
3 Press the button on your token. Enter the number that appears.
You may also be required to enter your PVN, depending on your company’s
configuration.
Note: If your token needs resetting at this point, see “To synchronize your
hardware token” on page 63.
4 Click OK.
Self-administration walk-through 63
Report any errors or omissions
A confirmation screen appears.
3 Click Yes.
The Token Synchronization screen appears.
The number of responses you must enter are different for different types of
tokens, and also depend on your company’s Self-Service configuration. In this
example, you must enter two responses.
4 Press the token button. Enter the number that appears in Token Response 1.
5 Cancel the current number on the token, or wait for it to disappear.
6 Press the token button. Enter the number that appears in Token Response 2.
7 Click OK.
Self-administration walk-through 65
Report any errors or omissions
2 In the Self-Administrative Actions screen, click I’ve permanently lost my token
or it’s damaged.
3 Click Yes.
4 Select the email account. The temporary PIN is emailed to the account you select.
5 Click OK.
An updated Self-Administration Actions screen appears.
Self-administration walk-through 67
Report any errors or omissions
To change the name of your hardware token
1 Log in to Self-Service. See “To log in to Self-Service” on page 32.
2 In the Self-Administrative Actions screen, click I’d like to change the name
associated with my hardware token.
Self-administration walk-through 69
Report any errors or omissions
Administering your soft token
To download the Entrust IdentityGuard Mobile OTP application
1 Log in to Self-Service. See “To log in to Self-Service” on page 32.
2 In the Self-Administrative Actions screen, click I'd like to request a soft token.
Self-administration walk-through 71
Report any errors or omissions
When you click one of the links, the download page appears on your device. The
download page might have different links and wording from the one shown here.
This example is for downloading the Entrust IdentityGuard Mobile OTP app.
Note: On Android, during the download, you are asked whether you want the
app to have a permission called "System tools: prevent phone from sleeping".
You must allow this permission in order for the app to run as intended.
Note: On BlackBerry, during the download, you may be asked whether you
want to grant the app 'Trusted Application Status' or individual permissions. If
you are asked to grant Trusted Application Status, answer Yes to allow the app
to run as intended. If you are asked for individual permissions, answer Yes to the
following permissions:
- Phone
- Internet
- Device Settings
- Media
6 After the app has downloaded, Entrust IdentityGuard appears on your mobile
device or your computer.
Self-administration walk-through 73
Report any errors or omissions
2 If you selected option 1, complete the following steps for automatic online
activation:
a Choose the email account to which Entrust IdentityGuard should send the
activation email, and then click Email.
Entrust IdentityGuard sends the activation email to your target device.
b Open the email on your target device.
c Select the link in the email. If there are two links, select the first one.
The app opens.
d If prompted, enter your PIN or unlock the app with Touch ID (iOS 6 or
newer). (You are prompted to unlock the app only if you already have an
active soft token in your app that requires PIN protection.)
e On the Activate Identity screen, select Activate.
The soft token is activated for the identity.
f Select OK to close the Success message.
g If prompted, choose a PIN and confirm it. You must enter this PIN whenever
you open the app.
h On the Self-Service Web site, select Next.
Self-administration walk-through 75
Report any errors or omissions
The Web site confirms that the soft token is activated. You can use the soft
token to authenticate.
4 If you selected option 3, complete the following steps for offline automatic
activation with a QR code:
a Open the Entrust IdentityGuard Mobile OTP app on the mobile device on
which you want to activate the soft token.
b Select Scan QR Code from the menu (Android) or select the QR Code icon
(iOS).
Self-administration walk-through 77
Report any errors or omissions
The following diagram illustrates manual soft token activation using the
Entrust IdentityGuard Mobile OTP app on a BlackBerry device.
After activation, you can begin using the soft token in the Entrust IdentityGuard
Mobile OTP app to authenticate.
Self-administration walk-through 79
Report any errors or omissions
Changing or recovering your Entrust IdentityGuard
password
Use this procedure to update or recover your Entrust IdentityGuard password.
Self-administration walk-through 81
Report any errors or omissions
To report that you have forgotten your Entrust IdentityGuard password
1 Log in to Self-Service. See “To log in to Self-Service” on page 32.
2 In the Self-Administrative Actions screen, click I’ve forgotten my Entrust
IdentityGuard password.
3 Select the email account. Your Entrust IdentityGuard password will be sent to the
email account you select.
Note: When you first use your new password, you may be required to change it.
4 Click OK.
Self-administration walk-through 83
Report any errors or omissions
Administering machine secrets
Machine secrets are used to identify your computer to Entrust IdentityGuard. When
this feature has been configured, you may not have to present log in credentials if
you have previously logged in successfully from the same machine.
When you view your machine secrets, you see a list of machines you have logged in
from in the past. You should save machine secrets only when using company or
personal computers.
If you think you may have saved information from a public machine, such as a
computer in an Internet cafe, you should delete the machine secret listed for that
computer so that others using that computer cannot log into your company’s
computer system.
Self-administration walk-through 85
Report any errors or omissions
An updated Self-Administration Actions screen appears, confirming that the
selected machine secret has been deleted.
Self-administration walk-through 87
Report any errors or omissions
3 On the Physical Smart Credential Activation Choice page, select I’m activating
a physical smart credential such as a plastic card or USB token, and then click
Next.
Note: At October 2017, the only current browser that supports Java applets is
Microsoft Internet Explorer 11.0. Older versions of Internet Explorer can also be
used. Support for Java applets was removed from Google Chrome at version 45
and from Mozilla Firefox at version 52
Self-administration walk-through 89
Report any errors or omissions
7 Self-Service asks you to confirm that you want to activate your smart credential.
Click Yes.
Self-administration walk-through 91
Report any errors or omissions
The Entrust Encode Smart Card dialog box appears.
14 Remove your smart credential from the reader and then reinsert it so that your
computer recognizes your smart credential.
Self-administration walk-through 93
Report any errors or omissions
To unblock your smart credential (Windows login scenario)
1 If you entered an incorrect smart credential PIN too many times when trying to
log in to Windows, the PIN becomes blocked. To unblock it, log in to Self-Service.
See “To log in to Self-Service” on page 32.
2 In the Self-Administrative Actions screen, click I’d like to unblock my smart
credential.
A confirmation appears.
3 Click Yes.
4 You might be asked to make the following choice:
• Card Unblocking Key— Choose this option if your PIN is blocked for
Windows login on Windows 8 or later, then click Yes to continue.
• Window 7 PIN Unblock— Choose this option if your PIN is blocked for
Windows 7 login, then enter the 16-character challenge displayed on your
Windows login screen, and then click OK.
5 Enter the response code in the Windows Smart Card logon dialog box.
Your smart credential PIN is unblocked.
6 Enter a new PIN in the New PIN text box, and repeat it in the New PIN
Confirmation text box.
7 Click the arrow icon to log in with your new PIN.
Self-administration walk-through 95
Report any errors or omissions
• “To reset your smart credential PIN using a Java-enabled browser” on
page 96
• “To reset your smart credential PIN using ESP” on page 99
Note: At October 2017, the only current browser that supports Java applets is
Microsoft Internet Explorer 11.0. Older versions of Internet Explorer can also be
used. Support for Java applets was removed from Google Chrome at version 45
and from Mozilla Firefox at version 52.
1 Open Microsoft Internet Explorer, version 11, or an older version. Currently, this
is the only browser (or one of very few) that continue to support the use of Java
applets).
2 Insert your smart card into the card reader or insert your USB smart credential into
a USB slot.
3 Go to your Self-Service page.
4 On the Self-Service login page, click the Forgot your smart credential PIN? link.
The Smart Credential PIN Reset page appears. If more than one PIN reset
method is supported, you might be asked to choose the method you want to
change your PIN.
5 Select Reset my physical smart credential PIN using a Java applet that runs in
my web browser.
6 Self-Service presents one or more authentication challenges. They could be any
of several types of challenges. Some are described in the examples that follow.
Respond to the challenge to authenticate.
Examples of authentication challenges
Mutual authentication and grid card: If you have a grid card, you might see a
grid card challenge. In this case, it is paired with a mutual authentication
Self-administration walk-through 97
Report any errors or omissions
the app, select the notification, and select the Confirm button to complete the
authentication.
After you successfully authenticate, the Smart Credential PIN Reset page
appears.
8 Click OK.
9 Self-Service confirms that the PIN was reset successfully.
10 Click Done.
Self-administration walk-through 99
Report any errors or omissions
4 Enter your user name, and then click Next.
After you successfully authenticate, the Smart Credential PIN Reset using ESP
page appears.
8 Insert your smart card into the card reader or insert your USB smart credential into
a USB slot, and then click OK.
10 Click OK.
A dialog box confirms that the PIN was reset successfully.
11 Click OK to close the confirmation dialog box, then click OK again to close the
ESP application.
Note: If your device asks you for a password during the digital ID request
process, make one up.
3 If you have authenticated from a location you do not plan to visit again, you may
choose to delete the location history entry corresponding to that location.
Review the City and the Last Authentication date to help you choose the correct
entry.
a Select Delete for the location entry you want to delete.
b Click OK.
A confirmation dialog box appears.
To reset your Entrust IdentityGuard password from the Self-Service login page
1 Navigate to the Self-Service website.
2 Select the Forgot your password? link.
To unlock or reset your Active Directory corporate domain password from the
Self-Service login page
1 Using a browser on a computer that is not locked or on a mobile device, navigate
to the Self-Service website.
2 Select the Password locked or forgotten? link. This link appears if you use your
Active Directory password to log in to Self-Service.
At this point, Self-Service doesn’t know whether you need to unlock your
account or reset your password. It shows the Password Reset page, but it is part
of the workflow for unlocking the account, too.
3 On the Password Reset page, enter the user name for your account.
6 In Scenario 1 described above, you do not want to change your password (you
have already changed the password on your computer and just need to update
it on your mobile device). In this case:
a Select No.
Self-Service displays the login page again. Now that your Active Directory
corporate account is unlocked, you can log in with the password you
updated earlier on your computer (Scenario 1).
b To complete the scenario, you would change the password on your mobile
device email application or on any other device where it is not up to date to
prevent the Active Directory corporate domain account becoming locked
again.
OR
7 In Scenario 2, you want to reset your password because you have forgotten it.
a On the page that confirms that your account is unlocked and asks if you
want to change your password, select Yes.
Self-Service displays a page where you can change your password or have a
temporary password mailed to you. (After you authenticate with your temporary
password, you must reset your password.)
b Reset your password, being sure to satisfy all of the password rules.
c Click Done on the Self-Service page.